Reference no: EM131967095, Length: word count: 2000
Assignment - Tasks and Forensics Report
Task 1: Recovering scrambled bits
For this task I will upload a text file with scrambled bits on the Interact site closer to the assignment due date. You will be required to restore the scrambled bits to their original order and copy the plain text into your assignment.
Describe the process used in restoring the scrambled bits and insert the plain text in the assignment.
Task 2: Digital Forensics Report
In this major task you are assumed to be a digital forensics investigator and are asked to prepare a digital forensic report for the following scenario:
You are investigating a possible intellectual property theft by a contract employee of Exotic Mountain Tour Service (EMTS). EMTS has just finished an expensive marketing and customer service analysis with Superior Bicycles, LLC. Based on this analysis, EMTS plans to release advertising for its latest tour service with a joint product marketing campaign with Superior Bicycles. Unfortunately, EMTS suspects that a contract travel consultant, Bob Aspen, might have given sensitive marketing data to another bicycle competitor. EMTS is under a nondisclosure agreement with Superior Bicycles and must protect this advertising campaign material.
An EMTS manager found a USB drive on the desk Bob Aspen was assigned to. Your task is to determine whether the drive contains proprietary EMTS or Superior Bicycles data. The EMTS manager also gives you some interesting information he gathered from the Web server administrator. EMTS filters all Web-based e-mail traffic traveling through its network and detects suspicious attachments. When a Web-based e-mail with attachments is received, the Web filter is triggered. The EMTS manager gives you two screen captures, shown in Figures 8-5 and 8-6 (Textbook page 327), of partial e-mails intercepted by the Web filter that lead him to believe Bob Aspen might have engaged in questionable activities. (Nelson, Phillips, & Steuart, 2015, p. 326-327)
Deliverable: For this forensic examination, you need to search all possible places data might be hiding and submit a digital forensics report of 1800-2000 words.
Rationale
This assessment task covers data validation, e-discovery, steganography, reporting and presenting, and has been designed to ensure that you are engaging with the subject content on a regular basis. More specifically, it seeks to assess the following learning outcomes:
- determine the legal and ethical considerations for investigating and prosecuting digital crimes;
- analyse data on storage media and various file systems;
- collect electronic evidence without compromising the original data;
- evaluate the functions and features of digital forensics equipment, the environment and the tools for a digital forensics lab;
- compose technical tactics in digital crimes and assess the steps involved in a digital forensics investigation;
- prepare and defend reports on the results of an investigation.
Presentation
The following should be included as minimum requirements in the report structure:
- Executive Summary or Abstract
  This section provides a brief overview of the case, your involvement as an examiner, authorisation, major findings and conclusion.
- Table of Contents
- Introduction
  Background, scope of engagement, forensics tools used and summary of findings.
- Analysis Conducted
  - Description of relevant programs on the examined items
  - Techniques used to hide or mask data, such as encryption, steganography, hidden attributes, hidden partitions, etc.
  - Graphic image analysis
- Findings
  This section should describe in greater detail the results of the examinations and may include:
  - Specific files related to the request
  - Other files, including deleted files that support the findings
  - String searches, keyword searches, and text string searches
  - Internet-related evidence, such as Web site traffic analysis, chat logs, cache files, e-mail, and news group activity
  - Indicators of ownership, which could include program registration data
- Conclusion
  Summary of the report and results obtained.
- References
  You must cite references to all material you have used as sources for the content of your work.
- Glossary
  A glossary should assist the reader in understanding any technical terms used in the report. Use a generally accepted source for the definition of the terms and include appropriate references.
- Appendices
  You can attach any supporting material such as printouts of particular items of evidence, digital copies of evidence, and chain of custody documentation.
APA referencing style